Braden mentions the talk “wasn’t very good. Basically, a need to know about external data and need a way to control who accesses. Reminds me of what Palo Alto was addressing with DataCenters with NGFW’s.”

“Envoy Deep Dive was freaking packed, the room was so full that people had to sit on the floor,” says Braden. “Deep dive was the first good talk in my opinion. Provided nice details about what’s coming, different ways of running, optimizations, etc.”

In large Istio deploys, 80-90% of memory consumed by Istio/Envoy is for stat

Envoy can be deployed in any way that a L7 proxy can

Sidecar approach has a lot of talk because of K8s/Istio. Today, there are more production installs running on Standalone Envoy

One big issue that needs to be solved is Istio passes around configuration details about the entire mesh. There is work being done to either: (A) be more declarative so you get only the Configuration you need, or (B) lazy load configuration. This year we should start to see more topics about optimizing Envoy running, and running at large scale

While Envoy helps hide the implementation of cluster wide concerns like timeouts/circuit breaking, these setting can easily be overridden via headers in http request to make testing different configurations easier.

“It should be in beta any day now, while its not ready for production use I think it could be really useful to run in ‘OFF’ mode, in this case VPA will give you recommendation for `resource requests`. In `OFF` mode its only recommendations but won’t do anything destructive. This could be a really great way to help you right size your pods until VPA becomes stable and trusted for destructive tasks.” says Braden.